Re: Identification of non Cisco AP's

From: Omar Herrera (oherrera@prodigy.net.mx)
Date: Wed Jul 27 2005 - 14:10:07 EDT


Hi Jonathan

The Linksys APs I've seen all use an initial TTL of 150; calculating the number of hops between you and the hosts scanned and then adding the TTL of responses should do it. Or simply looking at responses of probes to port 80 TCP with a TTL close to and < 150 should be enough and relatively fast.

Regards,

Omar Herrera

----- Original message -----
From: Jonathan Gauntt
> Hi,
>
> I have been tasked with the project of scanning and identifying
> all non Cisco wireless access points within the company's network.
>
> We have about 800 /22 and /24 subnets, and because of the IP
> addressing scheme in place, might just be easier for me to scan the
> whole class A range of IP's.
>
> I have access to Nessus and GFI Security Scanner. Since we have over
> 8000 IP's in place, does anyone have any advice on the best way to
> identify these non Cisco AP's such as Linksys and Netgear, etc.
>
> I wouldn't want to have a report produced that is two miles long
> unless absolutely necessary.
>
> Thanks,
>
>
> Jonathan
>
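
The TTL check described in the reply above, as an added example that is not part of the original messages: it triages scan responses by inferred initial TTL and separates clear matches from ones that could equally be a 128-TTL host. The 64/128/255 defaults, the 30-hop bound, the function names and the sample rows are assumptions made for illustration; only the value 150 comes from the reply.

```python
# 150 is the Linksys initial TTL reported in the reply; 64/128/255 are
# common OS defaults (assumption, not stated in the thread).
INITIAL_TTLS = (64, 128, 150, 255)
MAX_HOPS = 30  # assumed upper bound on router hops inside one company network


def plausible_initial_ttls(observed_ttl, hops=None):
    """Return every known initial TTL consistent with a response.

    A packet arrives with (initial TTL - router hops). If the hop count is
    known (e.g. from traceroute) the match is exact; otherwise any initial
    value between 0 and MAX_HOPS above the observed TTL is possible.
    """
    if hops is not None:
        return [t for t in INITIAL_TTLS if observed_ttl + hops == t]
    return [t for t in INITIAL_TTLS if 0 <= t - observed_ttl <= MAX_HOPS]


def classify(responses, target_ttl=150):
    """Map each IP to 'likely' or 'ambiguous' when target_ttl fits it."""
    result = {}
    for ip, observed_ttl, hops in responses:
        fits = plausible_initial_ttls(observed_ttl, hops)
        if target_ttl in fits:
            result[ip] = "likely" if fits == [target_ttl] else "ambiguous"
    return result


# Constructed sample: (ip, TTL seen in the port 80 response, hops or None)
SAMPLE = [
    ("10.1.4.20", 147, None),  # only 150 fits
    ("10.1.9.7", 126, None),   # 128 at 2 hops or 150 at 24 hops
    ("10.1.9.8", 126, 2),      # hop count known: 128, not a match
    ("10.2.0.5", 61, None),    # 64-TTL stack
    ("10.3.8.1", 250, None),   # 255-TTL stack
    ("10.4.1.9", 143, 7),      # 143 + 7 = 150
    ("10.5.2.2", 126, 24),     # 126 + 24 = 150
]

if __name__ == "__main__":
    for ip, verdict in classify(SAMPLE).items():
        print(ip, verdict)
```

Without a hop count, observed TTLs from 129 to 150 fit only an initial value of 150, while 120 to 128 stay ambiguous until the hop count is measured.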



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:38 EDT